Alok Sahay Country Manager India Saarc

Alok Sahay
Sales Director India & SAARC
+91 8800-67 77 99

Welcome to India!

Hi! My name is Alok and I'm your local representative in India. Looking for a cyber security solution and vulnerability management? Let's talk! 

View products

Book demo

Faurani Ahmad Sales director Southeast Asia

Ahmad Faurani
Sales Director Southeast Asia
+60 19 434 2727

Welcome to Malaysia!

Hi! My name is Ahmad Faurani and I'm your local representative in Malaysia. Looking for a cyber security solution and vulnerability management? Let's talk! 

View products

Book demo


Cristian Miranda
Key Account Manager, Finland
+46 8-550 05 582

Tervetuloa Suomeen!

Hei! Nimeni on Cristian ja olen paikallinen edustajasi Suomessa. Etsitkö tietoturvaratkaisua ja haavoittuvuuksien hallintaa? Puhutaan!

Lue lisää



Victor Bunge Meyer
Key Account Manager, Sverige
+46 08-550 05 582

Holm Security i Sverige

Välkommen till Holm Security i Sverige! Jag heter Victor och är din lokala kontakt. Kontakta mig om du vill veta mera om vår platform för sårbarhetsanalyser. 

Läs mer här

Boka demo


Beth Murrell holm security

Beth Murrell
Account Manager, Benelux
+31-20-238 63 94

Welkom in de Benelux!

Mijn naam is Beth Murrell en ik ben uw lokale vertegenwoordiger in Nederland, België en Luxemburg. Op zoek naar een cyberveiligheidsoplossing en kwetsbaarheidsbeheer? Laten we praten!

Lees verder

Boek een demo

jens dahlkvist holm security

Jens Dahlkvist
Key Account Manager, Norge
+46 8-550 05 582

Holm Security i Norge

Velkommen til Holm Security i Norge! Jeg heter Jens og er din lokale kontaktperson.Kontakt meg hvis du vil vite mer om vår plattform for sårbarhetsanalyser.

Les mer

Personlig demo

Ronnie Jensen

Ronnie Jensen
Country Manager Denmark
+45 31 12 10 05

Holm Security i Danmark

Velkommen til Holm Security i Danmark! Mit navn er Ronnie og jeg er din lokale kontaktperson. Kontakt mig, hvis du vil vide mere om vores sårbarhedsanalyseplatform.

Læs mere

Personlig demo

How a cyber weapon is made

Image of Jonas Lejon
Jonas Lejon

August 29, 2019

What is the difference between an ordinary damaging code and an advanced cyber weapon, and exactly how is a cyber weapon deployed and executed? Stuxnet was, according to many security researchers, one of the first and most recognizable cyber weapons. The resources needed to develop Stuxnet and its different parts was something only one nation had at the time: Several programming languages, large amounts of modules, several zero-days, knowledge of the centrifuges in the Uranium enrichment facility Natanz, and stolen certificates, are just a few reasons that make it probable only one nation was behind it.


The delivery mechanism

This part of the cyber weapon ensures it hits its target - or reaches the right client, hardware, or network. The delivery can be done using an e-mail, USB-memory, CD-ROM, or by physically connecting to the server, client, TV, or similar devices. This is something which the Vault7 leaks from the CIA showed, not entirely unusual that HUMINT and SIGINT resources were used. The delivery might happen in the form of an implant that is installed when the equipment is sent to the customer. To reach its final target, which might be further into the network, the zero-days, or code, can be used to detect and bypass so-called airgaps. Networks that are sensitive and not connected to the internet, for example.



The warhead makes sure that the goal of the cyber weapon is completed. It can be to influence a process in a SCADA system or perhaps destroy vital parts in systems that are crucial for the community. It could also exfiltrate sensitive information from the target system.


The communication mechanism

This part is not always necessary but makes it possible to (using a unique ID) “call home” and notify that the cyber weapon has reached its target or completed a sub-goal. The communication part is important if the cyber weapon is hidden during an extended period and works to activate the warhead on command.

To make the discovery by network forensics and intrusion detection systems more difficult, popular sites such as Dropbox, Twitter, or Instagram can be used over TLS encrypted communication.
Steganography, where messages are exfiltrated with the help of pictures, has even been observed, including communication with IP-addresses where a satellite link is used, and the antagonist has had the opportunity to read the communication with the help of SIGINT or other equipment.
If the communication mechanism is already using existing infrastructure to update software or check if new versions are available, the process of detection gets increasingly more difficult. The communication mechanism can also be used to download and activate new modules, droppers, etc.



One of the oldest and most common methods is obfuscating or encrypting. Even relatively simple things such as modularity can make it difficult to see the whole of a cyber weapon, for example, sniff-functions can be present in a module, or key logs in a module, etc.
There are even environmental keyed payloads where a module can be encrypted with a key that is only located in the target network or system. Another important aspect for those developing cyber weapons is OPSEC. Since everything leaves a trace and something that is increasingly common is false flagging. Traces can lead towards one country, when in fact it is ’developed’ in a completely different one. Language, time zones, etc. can be changed.


Collaborate – don’t monitor

In Holm Security's platform, you can work together with your outsourcing partner. You can both access the Security Center (our control panel) and be able to prioritize and discuss vulnerabilities. The platform then becomes a tool that promotes cooperation with your outsourcing partner and enables you to work more efficiently with your IT security.



Sometimes the warhead is located in the unit's RAM and disappears if the unit crashes or restarts. Creators of cyber weapons want it to stay put for a longer time and there are an unbelievable amount of ways to hide.



A difference between, for example, WannaCry and a cyber weapon are that the objective of the cyber weapon is to only propagate within a smaller area. It can be a smaller organization or network. A smaller spread can make eventual detection more difficult. Propagation can be a must in the delivery, and then maybe there is a gap between the process network/secret network and the internet.


Shake up 

Cyber weapon developers put resources on developing weapons that will remain hidden. The weapon deletes itself when the mission is complete, and there might be a built-in counter that automatically erase the weapon once completed.


Cyber Security Starts Here! 👇

Vulnerability Management is a cornerstone in a modern cyber security defense.

Book demo now